One embodiment of this invention describes a method and apparatus for the secure identification and validation of sensors or devices (e.g. temperature sensors or alarm controllers) in a machine-to-machine communications network. In addition, as part of this invention, any data transmitted between the sensors/devices and the network, in either direction, is secured by means of encryption techniques.
As the all-pervasive Internet begins to adopt inter-communications between low complexity devices, there is a critical need to protect these devices from the types of security breaches found in their more complex cousins. The security of the low complexity devices, e.g. Internet of Things (IoT) sensors or devices, is paramount in gaining the confidence of the end users and thereby the wide acceptance of such sensors or devices in a world now familiar with credit card hacks, personal data theft and compromised email servers. The current set of available security solutions is predicated on communications between complex and powerful devices with substantial processing capabilities and almost limitless power. A majority of these contemporary solutions use convoluted encryption or validation schemes that necessitate the sending of large amounts of data between the devices in order to provide the desired level of protection. However, these convoluted security schemes also, in general, require large processing engines (e.g. Intel CPUs), large power supplies and high bandwidth connections. As a consequence, if they were to be implemented in low complexity sensors/devices to provide security, they would completely negate any benefits to be gained by such sensors/devices and seriously curtail their rapid introduction to the market.
It is a key characteristic of the low complexity sensors/devices that they have very little processing power (i.e. low performance CPUs) and in some cases may have no processing capability at all. Added to this limitation is the likelihood that these sensors/devices will also have very limited power available, either from a small battery or, in some cases, via the use of energy harvesting techniques. Furthermore, the low complexity sensor/device family usually performs only one or perhaps a few dedicated tasks and cannot be used to run other applications.
There are a number of encryption and validation schemes that are currently used by the mobile and fixed network community. Perhaps the best and most studied mobile scheme is that used by GSM networks [1], in development since 1989. GSM network security relies on the exchange of multiple pieces of authentication data transmitted over the radio interface and sourced from a Subscriber Identity Module (SIM) embedded in the Mobile Station (MS) (e.g. Smartphone). Multiple layer 3 messages are required to authenticate the Mobile User, ignoring the underlying protocol that transfers those messages to and from the fixed radio network. The use of multiple messages to validate/authenticate a user is acceptable when failure to do so might cost the network operator considerable revenue due to fraudulent accesses. Almost as a by-product of the authentication process, a shared encryption key is generated independently in the MS and the network that allows the encryption of data sent on the radio interface. This radio interface encryption protects the mobile user from eavesdropping and secures the transmitted data. Using multiple messages to establish the validity of the user and generate an encryption key is acceptable when the processing capabilities of the mobile device and the power source available (i.e. large rechargeable battery) are also required to perform other tasks required of a modern Smartphone; this is in complete contrast to low complexity devices. The detailed protocols, procedures and methods used by GSM based networks are proprietary and unique to the network; they are also very hard to incorporate into low complexity devices. The overall methods used in GSM networks are, however, generally accepted as “good practice” for securing a mobile network.
More recently (circa 2001) [2], methods have been devised for breaking the security of a GSM network and thereby hacking into voice and data calls. One particular method relies on sniffing thousands of packets on the radio interface and deriving the original key used to encrypt the packets, thereby making future packets easily readable. There are straightforward fixes to deal with these breaches, but even the most secure network can eventually be compromised if the volume of encrypted data is sufficiently large.
As can be seen by anyone skilled in the art, the use of a heavyweight protocol like that used in GSM, although secure, would require considerable CPU processing power in the device as well as significant electrical power, neither of which would be available in a low complexity sensor/device as addressed in this patent.
An alternative security scheme nominally directed towards low complexity devices is used by networks such as the Low Power Wide Area Network LoRaWAN™ [3] supported by the LoRa Alliance. However, the scheme chosen by the LoRa Alliance relies on a set of pre-stored keys in the end nodes and the use of AES-128 encryption. Although each end device has unique keys in order to operate, that key must be shared either over the air with the network to which it attaches or via personalization at production time. LoRa relies on mutual authentication between end devices by exchanging multiple messages in order to verify keys. As the key is potentially sent over the radio interface, it is possible that it might be captured by a man-in-the-middle attack and used to hack the node from which it was sent, or it could be captured by the network to which it is sent if that network itself is not secure. Alternatively, it might be possible to duplicate the node and produce multiple false inputs to a database, thereby destroying the integrity of any data that has been collected. The scheme chosen by the LoRa Alliance appears to be quite vulnerable to attack [4] and easily compromised. Further, the data exchange uses JavaScript Object Notation (JSON) data encoding, which might provide opportunities for hackers to break even the AES-128 encryption as the data stream will be very consistent from packet to packet, especially if the low complexity sensor/device is a simple temperature sensor. Added to this weak security, the sensor/device is required to generate quite a substantial amount of “unnecessary” data that has to be transmitted on the radio interface, necessitating the use of even more energy. The fact that the over-the-air encryption scheme requires multiple messages to establish authenticity and start the encryption process could reduce the battery life of a low complexity sensor/device.
Furthermore, the requirement that the sensor/device support IP-type addressing, including the required JSON data encoding, inflates the size of the data packet that has to be sent on the radio interface, once again requiring ever more energy.
Although there are many well-known network protocols such as SSH, SHA, SSL etc. that might be usable by a low complexity sensor/device, these protocols are also vulnerable to attack, as has been shown by numerous research articles [5, 6, and 7]. Even though these protocols are well known and understood, they too present very heavy processing requirements to the underlying hardware, a requirement that is not tenable when applied to a low complexity sensor/device.
In order to provide the level of security demanded by the end users and the network operator, this patent presents a unique invention that addresses the dual problems of security complexity and power requirements. It is assumed that a low complexity sensor/device only has a small volume of data to send during each transmission interval. For example, a temperature sensor may only have 1 or 2 bytes of data to send. Therefore, adding in IP addresses or JSON encoding would be an unnecessary addition to the radio payload. The NSA-approved SIMON and SPECK families of lightweight block ciphers [8] can securely encode 128 bits of data using the minimum of processing resources while providing the same level of security as the AES-128/256 schemes [8]. It is possible to perform the SIMON and SPECK encryption/decryption in either hardware or software, further reducing the design restrictions on the target sensor/device.
The scheme outlined in this embodiment uses pre-shared random keys that are generated during manufacture of the sensor/device, so there is no need to send them on an open radio interface, further reducing the ability for a hacker to hack the network. Each sensor/device has a unique set of keys. As an additional safeguard, the pre-shared keys can be reformed each time a key is used if the low complexity sensor/device has the ability to dynamically change memory and is able to receive transmissions. This feature is also unique to the invention and provides an extra level of security.
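As an added illustration (not code from the patent), the C sketch below implements Speck128/128 from its published specification and uses it the way the two paragraphs above describe: a 2-byte reading is encrypted as one 128-bit block under a key provisioned at manufacture, with no key exchange on the air. The frame layout, the device id, the frame counter that keeps equal readings from producing equal ciphertexts, and all function names are assumptions made for this example.

```c
#include <stdint.h>
#define ROR(x, r) (((x) >> (r)) | ((x) << (64 - (r))))
#define ROL(x, r) (((x) << (r)) | ((x) >> (64 - (r))))
typedef struct { uint64_t x, y; } block_t;  /* x = high word, y = low word */
static uint64_t rk[32];                     /* round keys held by this device */
/* Expand the 128-bit pre-shared key written at manufacture (Speck128/128). */
static void provision(uint64_t k_hi, uint64_t k_lo) {
    for (uint64_t i = 0; i < 32; i++) {
        rk[i] = k_lo;
        k_hi = (ROR(k_hi, 8) + k_lo) ^ i;
        k_lo = ROL(k_lo, 3) ^ k_hi;
    }
}

static block_t speck_encrypt(block_t b) {
    for (int i = 0; i < 32; i++) {
        b.x = (ROR(b.x, 8) + b.y) ^ rk[i];
        b.y = ROL(b.y, 3) ^ b.x;
    }
    return b;
}

static block_t speck_decrypt(block_t b) {
    for (int i = 31; i >= 0; i--) {
        b.y = ROR(b.y ^ b.x, 3);
        b.x = ROL((b.x ^ rk[i]) - b.y, 8);
    }
    return b;
}

/* Assumed frame (not from the page): x = counter, y = id:32 | reading:16 | zero:16. */
static block_t seal_reading(uint32_t dev, uint64_t ctr, int16_t reading) {
    block_t b = { ctr, ((uint64_t)dev << 32) | ((uint64_t)(uint16_t)reading << 16) };
    return speck_encrypt(b);
}

/* Receiver side: 0 = accepted, -1 = wrong id or padding, -2 = replayed counter. */
static int open_reading(block_t c, uint32_t dev, uint64_t last_ctr, int16_t *out) {
    block_t b = speck_decrypt(c);
    if ((uint32_t)(b.y >> 32) != dev || (b.y & 0xFFFF) != 0) return -1;
    if (b.x <= last_ctr) return -2;
    *out = (int16_t)(uint16_t)(b.y >> 16);
    return 0;
}

int main(void) {  /* constructed key, device id and reading; exit status 0 = accepted */
    int16_t t;
    provision(0x0f0e0d0c0b0a0908ULL, 0x0706050403020100ULL);
    return open_reading(seal_reading(0xC0FFEE01u, 2, 215), 0xC0FFEE01u, 1, &t);
}
```

The id and padding comparison in `open_reading` is a plausibility check on the decrypted block, not a message authentication code.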
A further understanding of the nature and the advantages of particular embodiments disclosed herein may be realized by reference to the remaining portions of the patent description and the attached drawings.